spotbugs/
SpotBugs plugin for SonarQube
Recent activities
Sonar 7.9 LTS warnings
NPE in SpringEntityLeakDetector if class is abstract
Please update to fb-contrib 7.4.6 - fixes false positives in Java 11
Fails to detect bugs
When will be the next release/hotfix available containing the latest changes on master?
ASM failed to load classfile metadata
Sonar-findbugs artifacts part of target folder
sonar findbugs plugin can not find some code issues while maven spotbugs can
Java project Findbugs execute timeout
Does findbugs support Scala code?
not compatible with java 13
Can not execute Findbugs: One (sub)project contains Java source files that are not compiled
Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin
Excessive build output for TaintAnalysis and DataflowAnalysisException
Warnings seen during sonar analysis
No jar for 4.0.0
searching FindSecBugs findings in SonarQube API with cwe URL parameter
Remove duplicates with SonarJava?
NullpointerException when executing analysis
Failure while scanning Lombok-enhanced class file
Can sonar findbugs plugin support the option `-onlyAnalyze`?
performance issue with the Findbugs plugin
Dereferencing
Where can I get the matchup version between findbugs-plugin and SonarQube ?
Can findbugs scan the *.java source code directly?
Invalid Class file format for queueAlerts.class
Code smell appears despite existing spotbugs exclude filter
Can not execute Findbugs with a timeout threshold value of 1200000 milliseconds
new bug in old code
Any release planned supporting sonarqube 8.4 ?
java.lang.IllegalStateException: Can not execute Findbugs
No jar for 4.0.1
Integrated sonarlint eclipse plugin with sonarqube (findbugs configured). Can sonarlint show findbug suggestions in eclipse
Upgrade to 4.0.1 also upgrades Sonar-Java
Rule findsecbugs:FILE_UPLOAD_FILENAME breaks JSON export (via API)
Download 4.0.1 jar
Providing a Spotbugs Report to Sonar Project
Suppression with new SQ API
Sonarqube is reporting false findbugs issues on kotlin
Does sonarqube 8.0 supported by this plugin?
XStream < 1.4.14 High-risk vulnerability of remote code execution (CVE-2020-26217)
Missing jar file for 4.0.1 release
The discovery JSP contains js, XSS vulnerabilities cannot be swept
Jar no longer being published with Github releases
XStream < 1.4.15 Deserialization vulnerability (CVE-2020-26258, CVE-2020-26259) [Version Detection]
Sonarqube 7.9.4 analysis error on GCP cluster
Findbugs profiles not updated after Sonarqube plugin update
Warning messages of unknown rules at the start of SonarQube
SNAPSHOT deployment is failing
False positive resolved marked issues are getting opened as new issues
Overlap between SpotBugs and SonarQube
Duplicate rule names
ClassNotFoundException with sonarqube 9
Support for new SonarQube LTS version 8.9?
Could not be matched to its original source file. It might be a dynamically generated class.
Kotlin support missing
kotlin support in sonar
When will spotbugs version 4.4.0 be supported?
🔈 new maintainer wanted
Exception with SonarQube 8.9.2
SonarQube 8.9.0: Cannot be activated on jsp profile FindBugs Security JSP
Is there a way to ignore Spotbugs' annotation in SonarQube?
Exception with findbugs 4.0.4 plugin after 9.1 upgrade
Findbugs plugin does not support JDK 17
Move github action for release automation into this repo
Unable to start sonar after update sonar from 8.9.2 to 9.2.0 version sonar-findbugs
Generating too much logs for findsec bug rules
Autowired spring beans are recognized as variables that could be local
false positive "Possible null pointer dereference due to return value of called method"
Log4j remote code execution vulnerability (CVE-2021-44228)
We have an issue that the execution of Sonarqube Scan which fails during the package-branch job with error on Concourse
Scala/FindSecBugs Rules not being imported
FindBug-SonarQube: Not a valid line for pointer in JSP file compiled with Jetty
SonarQube › java.lang.IllegalArgumentException: Unable to register token in file
KengoTODA/sonar-update-center-properties has been archived,
Findbugs rule 'EI_EXPOSE_REP' is not active in Sonar.
Can not execute Findbugs: One (sub)project contains Java source files that are not compiled in Scala folder
Is Findbugs plugin for Sonarqube affected by Spring4Shell vulnerability (CVE-2022-22965)
scanForAdditionalClasses misbehaving
SCALA_PATH_TRAVERSAL_IN Associated rule not present in SonarQube rules
BadRequestException: scala rule findsecbugs-scala:SCALA_XSS_MVC_API cannot be activated on java profile FindBugs Security Audit
Findbugs Analysis should be skipped when there are no Findbugs Rules activated in QualityProfile
Errors occurred during analysis using v3.5
A couple of questions about sonar-update-center-action
Findbugs plugin fails to analyse java project
Configure for Azure DevOps Server SonarQube
Please build project before executing sonar or check the location of compiled classes to make it possible for Findbugs to analyse your (sub)project.
Option to skip sensor completely
Error: java.lang.IllegalStateException: One (sub)project contains Java source files that are not compiled (/home/jenkins/agent/workspace/cationgateway_multibranch_master).
Is sonar-findbugs plugin compatible with Sonarqube EE 9.4?
warning about not found original source file for files ignored by SQ configuration
[ERROR] Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.3.0.603:sonar
Findbugs Security JSP - failing execution
fb-contrib:USFW_UNSYNCHRONIZED_SINGLETON_FIELD_WRITES java rule caught issue in Kotlin Code
Exclude folder for findbugs through Sonarqube scan
Gradle project scan failed with 'One (sub)project contains Java source files that are not compiled'
"Can't find ClassInfo" when looking at dependency
Unsupported class file major version 25888
Update requirements for new versions in the sonar marketplace
Maven Project Issue - Can not execute Findbugs: One (sub)project contains Java source files that are not compiled
Cannot find pre compiled JSP with Branch Community Plugin
regarding usage of Apache commons-text library
Sonar scanning getting failed to scan the multiple languages due to Findbugs plugin
Apache Common Text library - vulnerability
File handle to findsecbugs-plugin.jar is leaking
Findbugs fails when JavaSensor uses cached data
Apply fb-contrib rules to Unit Tests
Findbugs is reporting false positive bugs in test code
Is sonar-findbugs compatible with Sonarqube 10.x
sonarqube displays errors from a profile that is not assigned to the project
Crowd username changes - impact on sonar-findbugs plugin
FindBug Rules are triggered for Quality Profile Kotlin and XML
SonarQube Project showing an issue from a Java findbugs rule which is not there in the selected Quality Profile
SonarQube fails with Java 17
Spike in SonarQube Findings
Support Java 21 (Unsupported class file major version 65)
new option to analyze tests
Update PAT_TO_FORK
Integration tests occasionally fail due to errors accessing the jfrog repo
Make "sonar-findbugs" compatible with SonarQube 10.4 "DownloadOnlyWhenRequired" feature
v4.2.8 is missing a release artifact
java.lang.IllegalArgumentException: Error: missing bug code for keySECXXEVAL
Getting "Hard coded password found here" exception where (IMHO) it shouldn't
NoClassDefFoundError after Sonar update from 10.4 to 10.5
Support Java SDK 8 and 21 simultaneously
Sonatype deploy now requires token authentication
Got a ClassNotFoundException when running scanner with the latest version of sonar-findbugs
There was an interesting error with the findbugs plugin
FindBugs scanner complains with only a Kotlin DSL Gradle build script in the sources
NOSONAR not ignored
Drop sonar 8 from any support here, its end of life for even paid for more than a year at time of writing
Missing Java 8 functional interfaces
Can not execute Findbugs with a timeout threshold value of 600000 milliseconds